Project description

UISandbox is a sample C# source code showing how to deal with plugins requiring sandbox, when those plugins must interact with WPF application interface (classically display child controls inside application window).

Project purpose

I had to develop a project with some sort of extensibility: a main application window had one or several child controls provided through plug-ins.

One of the requirements was to provide some protection against plug-ins, while users downloaded those plug-ins from not-so-trusted sources. Limiting global application privileges was not a solution.

With those requirements, the project can turn into nightmare. In fact, the first thing to note is that UserControl is not serializable. That means that it is not possible to put the window in main, full-trusted application, and all the controls in plug-ins in sandbox, because only serializable objects can be used through two AppDomains. The second thing to note is that if a plug-in uses a common method from a library which is intended to have a full-trust, it can't "just call" the method. Finally, .NET Framework 4.0 has a different approach of permissions and CAS.

During development, I had too much pain to find a good solution to respond to the requirements. There were no easy to understand samples on the web, and resources, articles and documentation was still using .NET 3.5, and was mostly missing for .NET 4.0. Having a broad choice of approaches, from System.AddIn to hardly understandable solutions which are depreciated in .NET 4.0, I was unhappy with any of them.

So to help others to start with plug-ins development for WPF applications and to not spend weeks, searching for an approach which works, I provide the source code of the project. In this project, a window is opened, containing two controls from two plug-ins. Each control can load and save a file. The work is done by a common library, since plug-ins do not have permissions to access file system.


Feel free to modify the project for your own needs. Having questions or comments? Contact me, and I will be happy to help.


Microsoft StyleCop rules: followed.
Microsoft FxCop rules: not followed.
Accessibility: N/A.
Technical documentation provided: no.

Last edited Apr 14, 2010 at 8:28 PM by Arsene, version 5